数据库安全
在线手册:中文 英文
PHP手册

加密存储模型

SSL/SSH 能保护客户端和服务器端交换的数据,但 SSL/SSH 并不能保护数据库中已有的数据。SSL 只是一个加密网络数据流的协议。

如果攻击者取得了直接访问数据库的许可(绕过 web 服务器),敏感数据就可能暴露或者被滥用,除非数据库自己保护了这些信息。对数据库内的数据加密是减少这类风险的有效途径,但是只有很少的数据库提供这些加密功能。

对于这个问题,有一个简单的解决办法,就是创建自己的加密机制,然后把它用在 PHP 程序内。PHP 有几个扩展库可以完成这个工作,比如说 McryptMhash 等,它们包含多种加密运算法则。脚本在插入数据库之前先把数据加密,以后提取出来时再解密。有关加密如何工作的例子请参考相关手册。

对某些真正隐蔽的数据,如果不需要以明文的形式存在(即不用显示),可以考虑用散列算法。使用散列算法最常见的例子就是把密码经过 MD5 加密后的散列存进数据库来代替原来的明文密码。参见 crypt()md5()

Example #1 对密码字段进行散列加密

<?php

// 存储密码散列
$query  sprintf("INSERT INTO users(name,pwd) VALUES('%s','%s');",
            
pg_escape_string($username), md5($password));
$result pg_query($connection$query);

// 发送请求来验证用户密码
$query sprintf("SELECT 1 FROM users WHERE name='%s' AND pwd='%s';",
            
pg_escape_string($username), md5($password));
$result pg_query($connection$query);

if (
pg_num_rows($result) > 0) {
    echo 
'Welcome, $username!';
} else {
    echo 
'Authentication failed for $username.';
}

?>

数据库安全
在线手册:中文 英文
PHP手册
PHP手册 - N: 加密存储模型

用户评论:

Reiner (21-Apr-2011 08:46)

Using functions to obfuscate the hash generation does not increase security. This is security by obscurity. The algorithm used to hash the data needs to be secure by itself.

I would not suggest to use other data as salt. For example if you use the username, you won't be able to change the values without rehashing the password.

I would use a dedicated salt value stored in the same database table.

Why? Because a lot of users use the same login credentials on different web services. And in case another service also uses the username as salt, the resulting hashed password might be the same!

Also an attacker may prepare a rainbow table with prehashed passwords using the username and other known data as salt. Using random data would easily prevent this with little programming effort.

zyppora at nosmac yahoo dot com (14-Mar-2007 12:30)

In addition to roysimkes at hotmail dot com:

If your passwords are so secret that they're worth a year's hacking/cracking/etc, you might want to consider 'password renewal', much like Windows' option. Tell your users to renew their passwords every x days/weeks/months to make it extra hard on those already-sweating malicious visitors.

somebody (27-Dec-2006 06:07)

A better way to hash would be to use a separate salt for each user. Changing the salt upon each password update will ensure the hashes do not become stale.

Fairydave at the location of dodo.com.au (12-Feb-2006 02:58)

I think the best way to have a salt is not to randomly generate one or store a fixed one. Often more than just a password is saved, so use the extra data. Use things like the username, signup date, user ID, anything which is saved in the same table. That way you save on space used by not storing the salt for each user.

Although your method can always be broken if the hacker gets access to your database AND your file, you can make it more difficult. Use different user data depending on random things, the code doesn't need to make sense, just produce the same result each time. For example:

if ((asc(username character 5) > asc(username character 2))
{
   if (month the account created > 6)
      salt = ddmmyyyy of account created date
   else
      salt = yyyyddmm of account created date
}
else
{
   if (day of account created > 15)
      salt = user id * asc(username character 3)
   else
      salt = user id + asc(username character 1) + asc(username character 4)
}

This wont prevent them from reading passwords when they have both database and file access, but it will confuse them and slow them up without much more processing power required to create a random salt